How to use Hardware RNG (Random Number Generator) with OpenStack Instances

KVM supports the VirtIO random number generator (RNG), a paravirtualized device that is exposed to the guest as a hardware RNG device. On the host, it can be backed by a real hardware RNG device or, if no hardware RNG is available, by the host's /dev/random.

IBM Power servers come equipped with a hardware RNG, and I'll show you how to use it with OpenStack instances running on PowerKVM.

Three things need to be done to use a hardware RNG with OpenStack:

1. Make the necessary changes to the Nova configuration on the compute node that has the hardware RNG device.

2. Make the necessary changes to the Glance image to be used for the instances.

3. Make the necessary changes to the Nova flavor configuration.

1. Nova configuration changes in the compute node

The following are the nova.conf changes for the PowerKVM compute node:

***/etc/nova/nova.conf***

# A path to a device that will be used as source of entropy on
# the host. Permitted options are: /dev/random or /dev/hwrng
# (string value)
rng_dev_path=/dev/hwrng
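
A preflight check for this step, as an added example that is not from the original post: it finds the rng_dev_path value that is actually active in nova.conf (a setting left on a '#' comment line is ignored) and confirms it is one of the permitted paths and a character device on the host. The function names and sample strings are constructed for illustration, and the parser looks for the key in any section.

```python
import os
import stat

# Values the nova.conf comment lists as permitted entropy sources.
PERMITTED = ("/dev/random", "/dev/hwrng")


def effective_rng_dev_path(conf_text):
    """Return the rng_dev_path value that is actually active, or None."""
    value = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        # Blank lines, comments ('#' or ';') and [section] headers carry no
        # setting. A key fused onto the end of a comment line is ignored too.
        if not line or line[0] in "#;[":
            continue
        key, sep, val = line.partition("=")
        if sep and key.strip() == "rng_dev_path":
            value = val.strip()
    return value


def is_char_device(path):
    """True if path exists and is a character device, as an RNG node must be."""
    try:
        return stat.S_ISCHR(os.stat(path).st_mode)
    except OSError:
        return False


def check_rng_source(conf_text, device_check=is_char_device):
    """Return a list of problems; an empty list means the setting is usable."""
    path = effective_rng_dev_path(conf_text)
    if path is None:
        return ["rng_dev_path is not set (missing or commented out)"]
    problems = []
    if path not in PERMITTED:
        problems.append("%s is not a permitted entropy source" % path)
    if not device_check(path):
        problems.append("%s is not a character device on this host" % path)
    return problems


# Constructed samples: the fused form leaves the setting commented out.
FUSED = "# (string value)rng_dev_path=/dev/hwrng\n"
FIXED = "# (string value)\nrng_dev_path=/dev/hwrng\n"

if __name__ == "__main__":
    with open("/etc/nova/nova.conf") as fh:
        print(check_rng_source(fh.read()) or "rng_dev_path OK")
```
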

2. Glance image changes

For the virtio-rng device to be added to a KVM instance, the hw_rng=virtio property should be set in the Glance image metadata: